CN110278207B - Click hijacking vulnerability detection method and device and computer equipment - Google Patents
- Publication number: CN110278207B (application CN201910540302.0A)
- Authority: CN (China)
- Prior art keywords: page, detected, response message, http response, click operation
- Legal status: Active
Classifications
- H04L63/1433: Vulnerability analysis (under H04L63/14, network architectures or network communication protocols for network security for detecting or protecting against malicious traffic)
- H04L63/1466: Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks (under H04L63/1441, countermeasures against malicious traffic)
- H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] (under H04L67/00, network arrangements or protocols for supporting network services or applications)
Description
Technical field
The present invention relates to the fields of financial technology (Fintech) and information security, and in particular to a clickjacking vulnerability detection method, device and computer equipment.
Background
With the development of computer technology, more and more technologies (big data, distributed computing, blockchain, artificial intelligence, etc.) are being applied in the financial field, and the traditional financial industry is gradually transforming into financial technology (Fintech). In Fintech, information security is critical. Clickjacking is a visual deception technique: an attacker overlays a transparent, invisible inline frame (iframe) on a web page and lures the user into operating on that page; by adjusting the position of the iframe page, the user can be induced to click exactly on functional buttons of the iframe page and perform operations there. Some web pages therefore have clickjacking vulnerabilities, and these need to be detected.
At present, clickjacking vulnerabilities are detected by manually testing web pages: a tester clicks arbitrarily on the page and checks whether the clicks land on functional buttons of an iframe page, to determine whether the page has a clickjacking vulnerability. Under manual testing, however, it is hard to tell whether a click landed on a functional button of the iframe page or on the page under test, so false negatives and false positives occur easily and the detection accuracy of the prior art is low.
Summary of the invention
Embodiments of the present application provide a clickjacking vulnerability detection method, device and computer equipment, which solve the problem in the prior art that false negatives or false positives occur easily and detection accuracy is low when detecting clickjacking vulnerabilities.
In a first aspect, an embodiment of the present application provides a clickjacking vulnerability detection method: obtaining the uniform resource locator (URL) of the page to be detected, and determining from the URL whether to perform a simulated click operation on the page; if it is determined to perform the simulated click operation, obtaining the Hypertext Transfer Protocol (HTTP) response message returned for the simulated click operation; and determining from at least one result in the HTTP response message whether the page has a clickjacking vulnerability, where the at least one result includes whether the HTTP response message contains the page-nesting attribute of the Content Security Policy (CSP), or whether the HTTP response message contains preset anti-hijacking code that prevents the page to be detected from being loaded in an inline frame (iframe) page.
In the above method, the URL of the page to be detected is obtained first, and the URL decides whether a simulated click operation is performed on the page; if so, the HTTP response message is obtained and at least one result in it decides whether a clickjacking vulnerability exists. Using the URL in this way removes part of the false negatives. Moreover, when checking the page for clickjacking, the decision is based on at least one result of the simulated click operation: the CSP page-nesting attribute indicates whether the page can be nested by an iframe page, and combining it with the preset anti-hijacking code that prevents the page from being loaded in an iframe gives a comprehensive view of whether the page has a clickjacking vulnerability, which improves detection accuracy.
In an optional implementation, the HTTP response message includes an HTTP resource part, and whether the HTTP response message contains the preset anti-hijacking code is determined as follows: the HTTP resource part is matched against a preset regular expression, and the match result determines whether the preset anti-hijacking code is present.
In the above method, because regular expressions are strongly logical and flexible, matching the HTTP resource part against the preset regular expression can accurately check whether the preset anti-hijacking code is present.
In an optional implementation, obtaining the HTTP response message returned for the simulated click operation, if it is determined to perform one, includes: if the HTTP request corresponding to the simulated click operation is a request that changes the back-end data of the page to be detected, and the HTTP request carries login-state information, obtaining the HTTP response message returned for the simulated click operation.
In the above method, only when the HTTP request changes the back-end data of the page to be detected and carries login-state information does the request meet the conditions for a hijacking vulnerability, so the HTTP response message is obtained only in this case.
In an optional implementation, determining from the URL whether to perform a simulated click operation on the page includes: determining whether the URL is in a preset URL whitelist, and if not, performing the simulated click operation on the page.
In the above method, the preset URL whitelist filters out some URLs in advance, which prevents false positives to a certain extent and improves the detection accuracy of clickjacking vulnerabilities.
In an optional implementation, the at least one result further includes whether the HTTP response message includes page-nesting header information.
This extends detection with another result: the page-nesting header information represents the page-nesting attribute of the page to be detected, which further improves the detection accuracy of clickjacking vulnerabilities.
In a second aspect, the present application provides a clickjacking vulnerability detection device, including: an acquisition module, configured to obtain the URL of the page to be detected and determine from the URL whether to perform a simulated click operation on the page; and a processing module, configured to obtain, if it is determined to perform the simulated click operation, the HTTP response message returned for the simulated click operation, and to determine from at least one result in the HTTP response message whether the page has a clickjacking vulnerability, where the at least one result includes whether the HTTP response message contains the CSP page-nesting attribute, or whether it contains preset anti-hijacking code that prevents the page from being loaded in an iframe page.
In an optional implementation, the HTTP response message includes an HTTP resource part, and the processing module is specifically configured to determine whether the HTTP response message contains the preset anti-hijacking code as follows: match the HTTP resource part against a preset regular expression, and determine from the match result whether the preset anti-hijacking code is present.
In an optional implementation, the processing module is specifically configured to: if the HTTP request corresponding to the simulated click operation is a request that changes the back-end data of the page to be detected, and the HTTP request carries login-state information, obtain the HTTP response message returned for the simulated click operation.
In an optional implementation, the processing module is specifically configured to: determine whether the URL is in a preset URL whitelist, and if not, perform a simulated click operation on the page to be detected.
In an optional implementation, the at least one result further includes whether the HTTP response message includes page-nesting header information.
For the beneficial effects of the second aspect and its embodiments, refer to those of the first aspect and its embodiments; they are not repeated here.
In a third aspect, an embodiment of the present application provides a computer device including a program or instructions which, when executed, perform the method of the first aspect and its embodiments.
In a fourth aspect, an embodiment of the present application provides a storage medium including a program or instructions which, when executed, perform the method of the first aspect and its embodiments.
Description of the drawings
FIG. 1 is a schematic flowchart of the steps of a clickjacking vulnerability detection method provided by an embodiment of the present application;
FIG. 2 is a schematic diagram of the preset anti-hijacking code of a clickjacking vulnerability detection method provided by an embodiment of the present application;
FIG. 3 is a schematic flowchart of the specific steps of a clickjacking vulnerability detection method provided by an embodiment of the present application;
FIG. 4 is a schematic structural diagram of a clickjacking vulnerability detection device provided by an embodiment of the present application.
Detailed description
To better understand the above technical solution, it is described in detail below with reference to the drawings and specific implementations. It should be understood that the embodiments of the present application and the specific features in them are a detailed description of the technical solution, not a limitation of it; where there is no conflict, the embodiments and the technical features in them may be combined with each other.
In the field of financial technology (Fintech), the importance of information security is self-evident. During financial transactions, some web pages have clickjacking vulnerabilities, and these need to be detected. At present, clickjacking vulnerabilities are detected by manually testing web pages: a tester clicks arbitrarily on the page and checks whether the clicks land on functional buttons of an iframe page, to determine whether the page has a clickjacking vulnerability. Under manual testing, however, it is hard to tell whether a click landed on a functional button of the iframe page or on the page under test, so false negatives and false positives occur easily and detection accuracy is low.
To this end, an embodiment of the present application provides a clickjacking vulnerability detection method; FIG. 1 is a schematic flowchart of its steps.
Step 101: obtain the URL of the page to be detected, and determine from the URL whether to perform a simulated click operation on the page.
It should be noted that the browser used for the page to be detected is not limited here. For example, a headless browser may be used: a headless browser is a web browser without a graphical user interface (GUI), usually controlled programmatically or through a command-line interface. Specifically, the headless browser may be Chrome Headless; one of its many uses is automating usability tests or testing browser interaction, and it can be called to perform simulated click operations and similar actions.
Step 102: if it is determined to perform a simulated click operation on the page, obtain the HTTP response message returned for the simulated click operation.
Step 103: determine from at least one result in the HTTP response message whether the page to be detected has a clickjacking vulnerability.
In step 101, a specific implementation of determining from the URL whether to perform a simulated click operation on the page may be:
determine whether the URL is in a preset URL whitelist, and if not, perform a simulated click operation on the page.
For example, the preset URL whitelist includes URL1, URL2 and URL3. URL4 of page A to be detected is not in the whitelist, so a simulated click operation is performed on page A.
In the above method, the preset URL whitelist filters out some URLs in advance, which prevents false positives to a certain extent and improves the detection accuracy of clickjacking vulnerabilities.
In step 102, if it is determined to perform a simulated click operation on the page, an optional implementation of obtaining the HTTP response message returned for the simulated click operation is as follows:
if the HTTP request corresponding to the simulated click operation is a request that changes the back-end data of the page to be detected, and the HTTP request carries login-state information, obtain the HTTP response message returned for the simulated click operation.
It should be noted that some configuration information related to the page to be detected is stored on the back-end server as back-end data; a request that changes the back-end data of the page to be detected means a request used to change that back-end data.
In the above method, only when the HTTP request changes the back-end data of the page to be detected and carries login-state information does the request meet the conditions for a hijacking vulnerability, so the HTTP response message is obtained only in this case.
In step 103, the at least one result includes whether the HTTP response message contains the CSP page-nesting attribute, or whether the HTTP response message contains preset anti-hijacking code that prevents the page to be detected from being loaded in an iframe page.
The specific form of the preset anti-hijacking code is not limited here. As an example, FIG. 2 is a schematic diagram of the preset anti-hijacking code of a clickjacking vulnerability detection method provided by an embodiment of the present application. At runtime, the code shown in FIG. 2 performs the following steps:
Step 1: set a cascading style sheets (CSS) style with display set to none on the body of the page to be detected.
It should be noted that display is a CSS property; assigning it different values sets different styles. When display is none, the body of the page to be detected is not shown on the page in the browser and cannot be operated by clicks. In the order in which the browser renders the code, the code inside the style tag that hides the body takes effect first; style is an attribute of the page to be detected.
Step 2: when the browser renders the final JavaScript (js) part, the js code inside the script tag takes effect and checks whether the page is nested.
It should be noted that js refers to JavaScript, an interpreted scripting language.
Step 3: if top and self are equal, the page is not nested, so the display: none CSS style previously set on the body is removed.
Here top is a variable provided by the browser that refers to the outermost window object, and self is the current window object.
Step 4: if top and self are not equal, assign self.location to top.location, so that the js code navigates the outermost window to the page to be detected, preventing it from being nested.
Here top.location is the location of the outermost window object and self.location is the location of the current window object.
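The four steps above, written out as an added example (this is not the patent's FIG. 2 code): the guard receives the window and document objects so its control flow can be exercised outside a browser, and the `cj-guard` style id, the markup helper and the fake window are assumptions of this example.

```javascript
// Added example of the anti-hijacking pattern described in steps 1 to 4.
// Assumed page layout: <style id="cj-guard">body{display:none}</style> in
// <head> (rendered first, so the body starts hidden) and a <script> calling
// frameBustingGuard(window, document) at the end of <body> (rendered last).

function frameBustingGuard(win, doc) {
  if (win.top === win.self) {
    // Step 3: not nested, so remove the style that hid the body.
    const guard = doc.getElementById('cj-guard');
    if (guard) guard.remove();
    return 'shown';
  }
  // Step 4: nested in another window, so navigate the outermost window to
  // this page. The body stays hidden, so no click can land on it while framed.
  win.top.location = win.self.location;
  return 'busted';
}

// The markup the guard expects, for embedding in a page template. The hiding
// style precedes the body and the check runs after it, matching steps 1 and 2.
function antiClickjackingMarkup(bodyHtml) {
  return [
    '<!doctype html><html><head>',
    '<style id="cj-guard">body{display:none}</style>',
    '</head><body>',
    bodyHtml,
    '<script>' + frameBustingGuard.toString() +
      ';frameBustingGuard(window, document);</script>',
    '</body></html>',
  ].join('\n');
}

// Constructed stand-in for the browser objects so the guard can run in Node:
// `framed` simulates the page being loaded inside another window.
function makeFakeWindow(url, framed) {
  const style = { removed: false, remove() { this.removed = true; } };
  const doc = {
    getElementById: (id) => (id === 'cj-guard' && !style.removed ? style : null),
  };
  const win = { location: url };
  win.self = win;
  win.top = framed ? { location: 'https://framing.example/overlay' } : win;
  return { win, doc, style };
}
```

Script-based busting of this kind can be neutralized by the framing document (for example an iframe sandbox attribute that withholds top-navigation permission), which is why a scanner should also check the header-based controls, as steps 306 and 307 of FIG. 3 do.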
The HTTP response message includes an HTTP resource part, and whether it contains the preset anti-hijacking code is determined as follows: match the HTTP resource part against a preset regular expression, and determine from the match result whether the preset anti-hijacking code is present.
In the above method, because regular expressions are strongly logical and flexible, matching the HTTP resource part against the preset regular expression can accurately check whether the preset anti-hijacking code is present.
In addition, the HTTP response message includes an HTTP header, and string matching can determine whether it contains the CSP page-nesting attribute.
It should be noted that different values of the CSP page-nesting attribute express different properties. For example: (1) CSP: frame-ancestors 'none' means the page cannot be nested; (2) CSP: frame-ancestors 'self' means it can only be nested by the same site; (3) CSP: frame-ancestors 'self' *.somesite.com, where *.somesite.com can specify the domain name, protocol and port of the sites allowed to nest it.
It should be noted that the at least one result may further include whether the HTTP response message includes page-nesting header information. This extends detection with another result: the page-nesting header information represents the page-nesting attribute of the page to be detected, which further improves the detection accuracy of clickjacking vulnerabilities; string matching can likewise determine whether the page-nesting header information is present. For example, the page-nesting header information may be the X-Frame-Options header.
Specifically, the values of X-Frame-Options have the following effects: X-Frame-Options: DENY, nesting is not allowed; X-Frame-Options: SAMEORIGIN, the page can be nested by same-origin sites; X-Frame-Options: ALLOW-FROM uri, specifies the pages that may nest it. Because the X-Frame-Options page-nesting header is not yet supported by some browsers, in some cases the CSP page-nesting attribute must be combined with it to determine the clickjacking vulnerability.
In the method of steps 101 to 103, the URL of the page to be detected is obtained first, and the URL decides whether a simulated click operation is performed on the page; if so, the HTTP response message is obtained and at least one result in it decides whether a clickjacking vulnerability exists. Using the URL in this way removes part of the false negatives. Moreover, when checking the page for clickjacking, the decision is based on at least one result of the simulated click operation: the CSP page-nesting attribute indicates whether the page can be nested by an iframe page, and combining it with the preset anti-hijacking code that prevents the page from being loaded in an iframe gives a comprehensive view of whether the page has a clickjacking vulnerability, which improves detection accuracy.
The clickjacking vulnerability detection method provided by an embodiment of the present application is described in detail below with reference to FIG. 3, which is a schematic flowchart of the specific steps of the method.
Step 301: Obtain the URL of the page to be detected.
Step 302: Determine whether the URL of the page to be detected is in the preset whitelist.
If yes, go to step 310; otherwise, go to step 303.
Step 303: Perform a simulated click operation to trigger an HTTP request.
For example, call Chrome Headless JavaScript to perform the simulated click operation.
Step 304: Determine whether the HTTP request satisfies the preset condition: the HTTP request is a request to update the background data of the page to be detected, and the HTTP request includes login state information.
If yes, go to step 305; otherwise, go to step 310.
Step 305: Obtain the HTTP response message.
The HTTP response message is the response message to the HTTP request of the page to be detected.
After step 305 is executed, at least one of steps 306 to 308 is executed.
Step 306: Determine whether the HTTP response message contains page nesting header information.
Step 307: Determine whether the HTTP response message contains the page nesting attribute of the CSP policy.
Step 308: Determine whether the HTTP response message contains the preset anti-hijacking code.
It should be noted that at least one of steps 306 to 308 may be executed simultaneously; steps 306 to 308 do not affect one another.
If the determination result of any of the steps executed among steps 306 to 308 is yes, go to step 310; otherwise, go to step 309.
Step 309: Determine that the page to be detected has a clickjacking vulnerability.
Step 310: Determine that the page to be detected has no clickjacking vulnerability.
Whether the page to be detected has a clickjacking vulnerability is determined according to at least one result in the HTTP response message; the at least one result includes whether the HTTP response message contains the page nesting attribute of the Content Security Policy (CSP), or whether the HTTP response message contains preset anti-hijacking code used to prohibit loading the page to be detected in an inline frame (iframe) page.
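The decision logic of steps 301 to 310, including the regular-expression check of step 308, written out as an added example that is not part of the patent or any implementation of it. The whitelist, the frame-busting regular expression, the set of "update background data" methods and the use of a Cookie header as login state information are all assumptions made here, since the patent specifies none of them.

```python
import re
from typing import Dict

# Assumed preset URL whitelist (step 302); constructed for this example.
WHITELIST = {"https://static.example.com/"}

# Assumed preset regular expression for step 308. The patent does not give
# one; this matches common frame-busting JavaScript forms such as
# "if (top !== self) top.location = self.location".
ANTI_HIJACK_RE = re.compile(
    r"top\s*!==?\s*(?:self|window)|(?:self|window)\s*!==?\s*top"
    r"|top\.location\s*=|top\.location\.(?:replace|href)",
    re.IGNORECASE,
)
# Assumed meaning of "a request to update background data" (step 304).
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

def _get(headers: Dict[str, str], name: str) -> str:
    """Case-insensitive header lookup; empty string if the header is absent."""
    return next((v for k, v in headers.items() if k.lower() == name), "")

def has_nesting_header(resp_headers: Dict[str, str]) -> bool:
    # Step 306: page nesting header information (X-Frame-Options present).
    return _get(resp_headers, "x-frame-options") != ""

def has_csp_nesting_attr(resp_headers: Dict[str, str]) -> bool:
    # Step 307: CSP page nesting attribute (frame-ancestors directive).
    return "frame-ancestors" in _get(resp_headers, "content-security-policy").lower()

def has_anti_hijack_code(body: str) -> bool:
    # Step 308: regex match over the HTTP resource part (the response body).
    return ANTI_HIJACK_RE.search(body) is not None

def request_meets_condition(method: str, req_headers: Dict[str, str]) -> bool:
    # Step 304: state-changing request that carries login state (assumed: a Cookie header).
    return method.upper() in STATE_CHANGING and _get(req_headers, "cookie") != ""

def is_clickjackable(url: str, method: str, req_headers: Dict[str, str],
                     resp_headers: Dict[str, str], body: str) -> bool:
    """Steps 301-310: True means step 309 (vulnerable), False means step 310."""
    if url in WHITELIST:                                   # step 302 -> 310
        return False
    if not request_meets_condition(method, req_headers):   # step 304 -> 310
        return False
    protected = (has_nesting_header(resp_headers)          # step 306
                 or has_csp_nesting_attr(resp_headers)     # step 307
                 or has_anti_hijack_code(body))            # step 308
    return not protected                                   # 309 if unprotected
```

Like the patent's checks, this only tests for the presence of the header, directive or code, not for a restrictive value, so a permissive `frame-ancestors` list or an unrecognised `X-Frame-Options` value still counts as protected.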
The prior art and the method of the present application were compared by testing the homepages of 200 domain names; the results are shown in Table 1:
Table 1
It can be seen that the accuracy under the method of the present application is much higher and the false positive rate is relatively greatly reduced. The false negative and false positive cases described above can be further improved by configuring blacklists and whitelists, reducing the manual review time of security personnel.
FIG. 4 is a schematic structural diagram of a clickjacking vulnerability detection device provided by an embodiment of the present application.
The present application provides a clickjacking vulnerability detection device, comprising: an obtaining module 401, configured to obtain the Uniform Resource Locator (URL) of the page to be detected and determine, according to the URL, whether to perform a simulated click operation on the page to be detected; and a processing module 402, configured to, if it is determined that a simulated click operation is to be performed on the page to be detected, obtain the Hypertext Transfer Protocol (HTTP) response message returned on the basis of the simulated click operation, and determine, according to at least one result in the HTTP response message, whether the page to be detected has a clickjacking vulnerability; the at least one result includes whether the HTTP response message contains the page nesting attribute of the Content Security Policy (CSP), or whether the HTTP response message contains preset anti-hijacking code used to prohibit loading the page to be detected in an inline frame (iframe) page.
In an optional implementation, the HTTP response message includes an HTTP resource part, and the processing module 402 is specifically configured to determine whether the HTTP response message contains the preset anti-hijacking code in the following manner: perform regular-expression matching of the HTTP resource part against a preset regular expression, and determine, according to the matching result, whether the HTTP response message contains the preset anti-hijacking code.
In an optional implementation, the processing module 402 is specifically configured to: if the HTTP request corresponding to the simulated click operation is a request to change the background data of the page to be detected and the HTTP request contains login state information, obtain the HTTP response message returned on the basis of the simulated click operation.
In an optional implementation, the processing module 402 is specifically configured to: determine whether the URL is in a preset URL whitelist, and if not, perform the simulated click operation on the page to be detected.
In an optional implementation, the at least one result further includes: whether the HTTP response message includes page nesting header information.
For the beneficial effects of the embodiments of the above device, reference may be made to the beneficial effects of the clickjacking vulnerability method provided in the present application, which are not repeated here.
An embodiment of the present application provides a computer device including a program or instructions which, when executed, perform the clickjacking vulnerability method provided in the present application and the methods of its embodiments.
An embodiment of the present application provides a storage medium including a program or instructions which, when executed, perform the clickjacking vulnerability method provided in the present application and the methods of its embodiments.
Finally, it should be noted that those skilled in the art should understand that the embodiments of the present application may be provided as a method, a system, or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, optical storage, etc.) containing computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to the present application. It should be understood that each process and/or block in the flowcharts and/or block diagrams, and combinations of processes and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus that implements the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
Obviously, those skilled in the art can make various changes and modifications to the present application without departing from its scope. Thus, if these modifications and variations of the present application fall within the scope of the claims of the present application and their technical equivalents, the present application is also intended to include these changes and modifications.
Claims (12)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910540302.0A CN110278207B (en) | 2019-06-21 | 2019-06-21 | Click hijacking vulnerability detection method and device and computer equipment |
PCT/CN2020/085723 WO2020253351A1 (en) | 2019-06-21 | 2020-04-20 | Click hijacking vulnerability detection method, device and computer apparatus |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910540302.0A CN110278207B (en) | 2019-06-21 | 2019-06-21 | Click hijacking vulnerability detection method and device and computer equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110278207A CN110278207A (en) | 2019-09-24 |
CN110278207B true CN110278207B (en) | 2023-04-07 |
Family
ID=67961260
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910540302.0A Active CN110278207B (en) | 2019-06-21 | 2019-06-21 | Click hijacking vulnerability detection method and device and computer equipment |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110278207B (en) |
WO (1) | WO2020253351A1 (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110278207B (en) * | 2019-06-21 | 2023-04-07 | 深圳前海微众银行股份有限公司 | Click hijacking vulnerability detection method and device and computer equipment |
CN111130993B (en) * | 2019-11-22 | 2022-03-29 | 北京知道创宇信息技术股份有限公司 | Information extraction method and device and readable storage medium |
CN113158187B (en) * | 2021-03-26 | 2022-12-23 | 杭州数梦工场科技有限公司 | Method and device for detecting click hijacking and electronic equipment |
CN113162937A (en) * | 2021-04-25 | 2021-07-23 | 中国工商银行股份有限公司 | Application safety automatic detection method, system, electronic equipment and storage medium |
CN114090676A (en) * | 2021-11-30 | 2022-02-25 | 上海通联金融服务有限公司 | Method for realizing field in JSON message of filtering interface |
CN114884730B (en) * | 2022-05-07 | 2023-12-29 | 深信服科技股份有限公司 | Request detection method, device, equipment and readable storage medium |
CN115695050B (en) * | 2022-12-31 | 2023-04-07 | 北京仁科互动网络技术有限公司 | Method, device, electronic device and storage medium for preventing clickjacking attack |
CN116644250B (en) * | 2023-07-27 | 2023-10-20 | 太平金融科技服务(上海)有限公司 | Page detection method, page detection device, computer equipment and storage medium |
CN118761060B (en) * | 2024-09-02 | 2024-11-15 | 中国人民解放军国防科技大学 | Web application vulnerability dynamic detection method and system based on LLM Agent |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104486140A (en) * | 2014-11-28 | 2015-04-01 | 华北电力大学 | Device and method for detecting hijacking of web page |
CN105245518A (en) * | 2015-09-30 | 2016-01-13 | 小米科技有限责任公司 | Method and device for detecting website hijacking |
CN107819639A (en) * | 2016-09-14 | 2018-03-20 | 西门子公司 | A kind of method of testing and device |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8856869B1 (en) * | 2009-06-22 | 2014-10-07 | NexWavSec Software Inc. | Enforcement of same origin policy for sensitive data |
US9015844B1 (en) * | 2012-06-25 | 2015-04-21 | Symantec Corporation | Techniques for web application vulnerability scanning |
CN104767747A (en) * | 2015-03-30 | 2015-07-08 | 微梦创科网络科技(中国)有限公司 | Click-jacking security detection method and device |
CN107968769A (en) * | 2016-10-19 | 2018-04-27 | 中兴通讯股份有限公司 | Webpage security detection method and device |
CN109672658B (en) * | 2018-09-25 | 2022-01-21 | 平安科技(深圳)有限公司 | JSON hijacking vulnerability detection method, device, equipment and storage medium |
CN110278207B (en) * | 2019-06-21 | 2023-04-07 | 深圳前海微众银行股份有限公司 | Click hijacking vulnerability detection method and device and computer equipment |
- 2019-06-21 CN CN201910540302.0A patent/CN110278207B/en active Active
- 2020-04-20 WO PCT/CN2020/085723 patent/WO2020253351A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2020253351A1 (en) | 2020-12-24 |
CN110278207A (en) | 2019-09-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | | |
SE01 | Entry into force of request for substantive examination | | |
GR01 | Patent grant | | |